package com.cicigodd.brick.plug.security.Interceptor;

import com.cicigodd.brick.plug.common.utils.AuthUtil;
import com.cicigodd.brick.plug.security.Interceptor.base.BaseSecurityInterceptor;
import com.cicigodd.brick.plug.security.api.PermissionServiceApi;
import com.cicigodd.brick.plug.security.api.ResourceCollectorApi;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 权限校验的过滤器，用来校验用户有没有访问接口的权限
 *
 * @author cicigodd
 * @date 2022/09/23 08:42:00
 */
@Component
@Slf4j
public class PermissionSecurityInterceptor extends BaseSecurityInterceptor {

    @Resource
    private PermissionServiceApi permissionServiceApi;
    @Resource
    private ResourceCollectorApi resourceCollectorApi;

    @Override
    public void filterAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {

        // 1. 获取当前请求的路径
        String requestURI = httpServletRequest.getRequestURI();

        // 2. 判断接口是否需要鉴权
        Boolean booleam = resourceCollectorApi.checkPermission(requestURI);
        if (booleam) {

            // 3.获取token如果获取不到会抛出异常
            String token = AuthUtil.getToken();

            // 4. 进行当前接口的权限校验
            permissionServiceApi.checkPermission(token, requestURI);
        }
    }

}
